Update CHANGELOG.md for 12.9.1

[ci skip]

Update CHANGELOG.md for 12.9.1
[ci skip]
a4cb5a6f · GitLab Release Tools Bot · 1acb2ee3 · a4cb5a6f · 1acb2ee3 · 1acb2ee3
18 changed file
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -2,6 +2,32 @@
 documentation](doc/development/changelog.md) for instructions on adding your own
 entry.

+## 12.9.1 (2020-03-26)
+
+### Security (16 changes)
+
+- Add permission check for pipeline status of MR.
+- Ignore empty remote_id params from Workhorse accelerated uploads.
+- External user can not create personal snippet through API.
+- Prevent malicious entry for group name.
+- Restrict mirroring changes to admins only when mirroring is disabled.
+- Reject all container registry requests from blocked users.
+- Deny localhost requests on fogbugz importer.
+- Redact notes in moved confidential issues.
+- Fix UploadRewriter Path Traversal vulnerability.
+- Block hotlinking to repository archives.
+- Restrict access to project pipeline metrics reports.
+- vulnerability_feedback records should be restricted to a dev role and above.
+- Exclude Carrierwave remote URL methods from import.
+- Update Nokogiri to fix CVE-2020-7595.
+- Prevent updating trigger by other maintainers.
+- Fix XSS vulnerability in `admin/email` "Recipient Group" dropdown.
+
+### Fixed (1 change)
+
+- Fix updating the authorized_keys file. !27798
+
+
 ## 12.9.0 (2020-03-22)

 ### Security (1 change)

--- a/changelogs/unreleased/212178-fix-authorized-keys-worker.yml
+++ b/changelogs/unreleased/212178-fix-authorized-keys-worker.yml
---
-title: Fix updating the authorized_keys file
-merge_request: 27798
-author:
-type: fixed
--- a/changelogs/unreleased/security-120026-redact-notes-in-moved-confidential-issues.yml
+++ b/changelogs/unreleased/security-120026-redact-notes-in-moved-confidential-issues.yml
---
-title: Redact notes in moved confidential issues
-merge_request:
-author:
-type: security
--- a/changelogs/unreleased/security-193100-ignore-duplicate-multipart-params.yml
+++ b/changelogs/unreleased/security-193100-ignore-duplicate-multipart-params.yml
---
-title: Ignore empty remote_id params from Workhorse accelerated uploads
-merge_request:
-author:
-type: security
--- a/changelogs/unreleased/security-59-prevent-create-api-snippet.yml
+++ b/changelogs/unreleased/security-59-prevent-create-api-snippet.yml
---
-title: External user can not create personal snippet through API
-merge_request:
-author:
-type: security
--- a/changelogs/unreleased/security-backend-xss-admin-email.yml
+++ b/changelogs/unreleased/security-backend-xss-admin-email.yml
---
-title: Prevent malicious entry for group name
-merge_request:
-author:
-type: security
--- a/changelogs/unreleased/security-disable-mirroring-fix.yml
+++ b/changelogs/unreleased/security-disable-mirroring-fix.yml
---
-title: Restrict mirroring changes to admins only when mirroring is disabled
-merge_request:
-author:
-type: security
--- a/changelogs/unreleased/security-docker-blocked-users.yml
+++ b/changelogs/unreleased/security-docker-blocked-users.yml
---
-title: Reject all container registry requests from blocked users
-merge_request:
-author:
-type: security
--- a/changelogs/unreleased/security-fogbugz-importer-deny-localhost-requests.yml
+++ b/changelogs/unreleased/security-fogbugz-importer-deny-localhost-requests.yml
---
-title: Deny localhost requests on fogbugz importer
-merge_request:
-author:
-type: security
--- a/changelogs/unreleased/security-mr-pipeline-status-permission-check.yml
+++ b/changelogs/unreleased/security-mr-pipeline-status-permission-check.yml
---
-title: Add permission check for pipeline status of MR
-merge_request:
-author:
-type: security
--- a/changelogs/unreleased/security-path-traversal-master.yml
+++ b/changelogs/unreleased/security-path-traversal-master.yml
---
-title: Fix UploadRewriter Path Traversal vulnerability
-merge_request:
-author:
-type: security
--- a/changelogs/unreleased/security-repository-archive-hotlinking.yml
+++ b/changelogs/unreleased/security-repository-archive-hotlinking.yml
---
-title: Block hotlinking to repository archives
-merge_request:
-author:
-type: security
--- a/changelogs/unreleased/security-restrict-project-pipeline-metrics.yml
+++ b/changelogs/unreleased/security-restrict-project-pipeline-metrics.yml
---
-title: Restrict access to project pipeline metrics reports
-merge_request:
-author:
-type: security
--- a/changelogs/unreleased/security-rf-vulnerability-metadata-fix.yml
+++ b/changelogs/unreleased/security-rf-vulnerability-metadata-fix.yml
---
-title: vulnerability_feedback records should be restricted to a dev role and above
-merge_request:
-author:
-type: security
--- a/changelogs/unreleased/security-ssrf-attachment-url.yml
+++ b/changelogs/unreleased/security-ssrf-attachment-url.yml
---
-title: Exclude Carrierwave remote URL methods from import
-merge_request:
-author:
-type: security
--- a/changelogs/unreleased/security-update-nokogiri-cve-2020-7595.yml
+++ b/changelogs/unreleased/security-update-nokogiri-cve-2020-7595.yml
---
-title: Update Nokogiri to fix CVE-2020-7595
-merge_request:
-author:
-type: security
--- a/changelogs/unreleased/security-updating-description-of-trigger-by-other-maintainer.yml
+++ b/changelogs/unreleased/security-updating-description-of-trigger-by-other-maintainer.yml
---
-title: Prevent updating trigger by other maintainers
-merge_request:
-author:
-type: security
--- a/changelogs/unreleased/security-xss-vulnerability-in-admin-send-email-notification.yml
+++ b/changelogs/unreleased/security-xss-vulnerability-in-admin-send-email-notification.yml
---
-title: Fix XSS vulnerability in `admin/email` "Recipient Group" dropdown
-merge_request:
-author:
-type: security